ISACA CCAK Certificate of Cloud Auditing Knowledge Online Training
The questions for CCAK were last updated on Jul 16, 2025.
- Exam Code: CCAK
- Exam Name: Certificate of Cloud Auditing Knowledge
- Certification Provider: ISACA
- Latest update: Jul 16, 2025
Which of the following should be an assurance requirement when an organization is migrating to a Software as a Service (SaaS) provider?
- A . Location of data
- B . Amount of server storage
- C . Access controls
- D . Type of network technology
In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
- A . passed to the sub cloud service providers based on the sub cloud service providers’ geographic location.
- B . passed to the sub cloud service providers.
- C . treated as confidential information and withheld from all sub cloud service providers.
- D . treated as sensitive information and withheld from certain sub cloud service providers.
Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?
- A . Defining the metrics and indicators to monitor the implementation of the compliance program
- B . Determining the risk treatment options to be used in the compliance program
- C . Mapping who possesses the information and data that should drive the compliance goals
- D . Selecting the external frameworks that will be used as reference
Organizations maintain mappings between the different control frameworks they adopt to:
- A . help identify controls with common assessment status.
- B . avoid duplication of work when assessing compliance.
- C . help identify controls with different assessment status.
- D . start a compliance assessment using the latest assessment.
To assist an organization with planning a cloud migration strategy to execution, an auditor should recommend the use of:
- A . enterprise architecture (EA).
- B . object-oriented architecture.
- C . service-oriented architecture.
- D . software architecture.
The CSA STAR Certification is based on criteria outlined in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) in addition to:
- A . ISO/IEC 27001 implementation.
- B . GB/T 22080-2008.
- C . SOC 2 Type 1 or 2 reports.
- D . GDPR CoC certification.
What does “The Egregious 11” refer to?
- A . The OWASP Top 10 adapted to cloud computing
- B . A list of top shortcomings of cloud computing
- C . A list of top breaches in cloud computing
- D . A list of top threats to cloud computing
Which objective is MOST appropriate to measure the effectiveness of password policy?
- A . The number of related incidents decreases.
- B . Attempts to log in with weak credentials increase.
- C . The number of related incidents increases.
- D . Newly created account credentials satisfy requirements.
An auditor wants to get information about the operating effectiveness of controls addressing privacy, availability, and confidentiality of a service organization. Which of the following can BEST help to gain the required information?
- A . ISAE 3402 report
- B . ISO/IEC 27001 certification
- C . SOC 1 Type 1 report
- D . SOC 2 Type 2 report
Which of the following is a cloud-specific security standard?
- A . ISO 27017
- B . ISO 14001
- C . ISO 22301
- D . ISO 27701